114 matches found
CVE-2026-32616
Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification lin...
Pigeon Injection Vulnerability
Pigeon is a lightweight bulletin board/notepad/social system/blog developed by Akkariin Meiko as an individual project. Versions of Pigeon prior to 1.0.201 contained an injection vulnerability. This vulnerability stemmed from the application’s use of unvalidated $_SERVER['HTTP_HOST'] in the email...
CVE-2026-32616 Pigeon has a Host Header Injection in email verification flow
Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification lin...
PT-2026-25381
Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification...
EUVD-2025-117129
Malicious code in reliable-sapphire-pigeon npm...
Malicious code in involved-amethyst-pigeon (npm)
Source: amazon-inspector (fc184b63fe725240edae92c06b75e82b34d273e905edcb0272e0eb47c7ebd110). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mature-olive-pigeon (npm)
Source: amazon-inspector (c51b1e0332300270e88dc7b8badb6746f7ee2ef8a163e80bfee954b250041dc4). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117038
Malicious code in tasteless-ivory-pigeon npm...
MAL-2025-138815 Malicious code in involved-amethyst-pigeon (npm)
Source: amazon-inspector (fc184b63fe725240edae92c06b75e82b34d273e905edcb0272e0eb47c7ebd110). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117239
Malicious code in mature-olive-pigeon npm...
EUVD-2025-117244
Malicious code in mass-lavender-pigeon npm...
Malicious code in mass-lavender-pigeon (npm)
Source: amazon-inspector (39323fc49189bdc215d3a69c5d427e192d7c99984ebec3c5fb5d146e6cf91de6). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117287
Malicious code in involved-amethyst-pigeon npm...
Malicious code in reliable-sapphire-pigeon (npm)
Source: amazon-inspector (d415cdb3b27d3a025bec726f6bb6bf6c68fa1d5b0a883b2f8f947f9ee180e061). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-116995
Malicious code in vulnerable-plum-pigeon npm...
MAL-2025-139107 Malicious code in vulnerable-plum-pigeon (npm)
Source: amazon-inspector (a894703ee849bb67c5b9e8c54abe66797e0f3ee6b9e34ff534a946b2aa758ab1). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in vulnerable_pigeon_z3n (npm)
Source: amazon-inspector (7726097f92b95a394e21c334f12e7eaed89a17ad3cc8d1a66b153dd4ac2a493f). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in coastal_pigeon_z3n (npm)
Source: amazon-inspector (38947f5d75c5ac88b129b9d6f15ef3f1fcdef746cd6af030c7a0a49f95fbcb5d). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...